User roles define what an authorised user can do in BE Custody.
Roles help organisations separate responsibilities across governance, administration, transaction activity, technical operations, and controlled custody processes. The roles available to an organisation may depend on its BE Custody configuration, service model, and operational setup.
Why are user roles important?
User roles support governance and operational control by helping organisations define who can perform specific actions.
They can help organisations:
- Limit access to custody functions
- Separate transaction creation from governance administration
- Separate transaction creation from transaction approval, where configured
- Apply maker-checker or multi-user review processes
- Reduce unnecessary access
- Support internal control and audit requirements
- Align custody access with internal responsibilities
Roles should be assigned based on each user’s operational responsibilities.
Main role types
The following role descriptions provide a high-level overview. Exact responsibilities and permissions may vary depending on the organisation’s setup.
| Role | High-level purpose |
|---|---|
| Owner | Holds senior organisational authority for the custody relationship and delegates operational responsibility. |
| Admin | Manages users, governance settings, and operational configuration. |
| Signer | Creates, reviews, or approves transactions within assigned permissions and configured policies. |
| Cluster Manager | Supports the technical custody environment and related operational readiness. |
| Cohort Manager | Supports controlled key lifecycle and governance-related custody processes. |
Owner
The Owner is the senior organisational authority for the custody relationship.
Owners are typically responsible for providing or approving key organisational setup information and appointing the appropriate administrators. They are not usually involved in day-to-day custody operations.
At a high level, the Owner may be responsible for:
- Confirming organisational setup information
- Appointing Admins
- Acting as a senior organisational contact
- Delegating operational responsibility to appropriate users
Admin
Admins are responsible for user management and governance-related configuration.
They help translate the organisation’s internal governance model into the relevant BE Custody setup. Depending on configuration, Admins may manage users, role changes, approval settings, address controls, limits, or other governance workflows.
At a high level, an Admin may be responsible for:
- Managing user access requests
- Supporting user role changes
- Managing governance-related workflows
- Helping maintain signing or approval configurations
- Supporting operational control settings
Admins generally have a governance and administration role rather than a day-to-day transaction execution role.
Signer
Signers are involved in transaction activity.
Depending on their assigned permissions and the organisation’s configuration, Signers may create, review, approve, or sign transactions. Their authority is bounded by the policies, limits, and approval workflows configured for the organisation.
At a high level, a Signer may be responsible for:
- Creating transaction requests
- Reviewing transaction details
- Approving or rejecting transactions
- Signing transactions where required
- Following the organisation’s internal approval process
Signers should only approve transactions they recognise and have reviewed.
Cluster Manager
The Cluster Manager supports the technical custody environment used by the organisation.
This is a technical role rather than a financial approval role. The Cluster Manager may support infrastructure readiness, technical operational activities, or environment-related processes depending on the organisation’s setup.
At a high level, a Cluster Manager may be involved in:
- Supporting technical custody infrastructure
- Coordinating environment readiness
- Supporting technical lifecycle events
- Working with appropriate operational or technical teams
The exact responsibilities depend on the service model and configuration.
Cohort Manager
The Cohort Manager supports controlled custody processes related to key lifecycle governance and operational assurance.
This is a specialist procedural role rather than a day-to-day transaction execution role. The role may be relevant where an organisation has specific operational, governance, or key lifecycle requirements.
At a high level, a Cohort Manager may support:
- Controlled custody governance processes
- Key lifecycle-related coordination
- Procedural oversight
- Operational assurance activities
- Internal control and audit readiness
The exact responsibilities depend on the organisation’s setup and agreed custody model.
How do the roles work together?
At a high level:
- The Owner provides senior organisational authority.
- The Admin manages user access and governance configuration.
- The Signer performs transaction-related actions within configured permissions.
- The Cluster Manager supports the technical custody environment.
- The Cohort Manager supports controlled custody lifecycle and assurance processes.
This separation helps organisations apply appropriate governance, reduce concentration of authority, and align custody activity with internal controls.
How should roles be assigned?
Roles should follow the principle of least privilege.
Users should only be assigned the access they need to perform their responsibilities. Access should be reviewed regularly, especially when a user changes role, changes team, no longer requires custody access, or leaves the organisation.
Organisations should also consider whether responsibilities should be separated across different users or teams.
What should I do if my permissions look wrong?
If your permissions do not match your responsibilities, contact your organisation’s administrator.
If your organisation needs support reviewing access or resolving a permissions issue, contact Bitpanda Enterprise Custody Support through the approved support channel.
Do not include passwords, PINs, private keys, seed phrases, API keys, API secrets, or other sensitive authentication information in a support request.